MS11-099 - Important: Cumulative Security Update for Internet Explorer (2618444) - Version: 1.2
Version date: 2012-01-10
Severity Rating: Important
Revision Note: V1.2 (January 10, 2012): Announced that this update, MS11-099, enables the protections provided in the Vulnerability in SSL/TLS Could Allow Information Disclosure update, MS12-006, for Internet Explorer. For more information, see the Update FAQ.
Summary: This security update resolves three privately reported vulnerabilities in Internet Explorer. The most severe vulnerability could allow remote code execution if a user opens a legitimate HyperText Markup Language (HTML) file that is located in the same directory as a specially crafted dynamic link library (DLL) file.
Bulletin details at Microsoft.com
Related CVE Entries
The XSS Filter in Microsoft Internet Explorer 8 allows remote attackers to read content from a different (1) domain or (2) zone via a "trial and error" attack, aka "XSS Filter Information Disclosure Vulnerability."
Max CVSS: 4.3 | EPSS Score: 2.60% | Published: 2011-12-14 | Updated: 2022-03-01
Untrusted search path vulnerability in Microsoft Internet Explorer 9 on Windows Server 2008 R2 and R2 SP1 and Windows 7 Gold and SP1 allows local users to gain privileges via a Trojan horse DLL in the current working directory, as demonstrated by a directory that contains an HTML file, aka "Internet Explorer Insecure Library Loading Vulnerability."
Max CVSS: 9.3 | EPSS Score: 76.59% | Published: 2011-12-14 | Updated: 2022-03-01
Microsoft Internet Explorer 6 through 9 does not properly use the Content-Disposition HTTP header to control rendering of the HTTP response body, which allows remote attackers to read content from a different (1) domain or (2) zone via a crafted web site, aka "Content-Disposition Information Disclosure Vulnerability."
Max CVSS: 4.3 | EPSS Score: 1.61% | Published: 2011-12-14 | Updated: 2022-03-01